Introduction
Chapter1.MVC 5
- 1.1.The Complete ASP.NET MVC 5 Course
  1.0. Deploy .NET project to IIS
  1.1.Getting started
  1.1.1.MVC Architectural
  1.1.2.Setting up the development environment
  1.1.3.Create MVC APP
  1.1.4.Add a new Model, Controller, View
  1.2.ASP.NET MVC Fundamentals
  1.2.1.Action
  1.2.2.Route
  1.2.3.Pass data to views
  1.2.4.ViewModel
  1.2.5.View
  1.3.Working with data
  1.3.1.Entity framework
  1.3.2.Database First v.s. Code First
  1.3.3.Code-first Migrations
  1.3.4.Seeding the database
  1.3.5.Overriding conventions
  1.3.6.Query objects
  1.4.Building Forms
  1.4.1.The Markup (labelFor, textbox, checkbox)
  1.4.2.Labels
  1.4.3.Drop down list
  1.4.4.Model binding and save data
  1.4.5.Edit form
  1.5.Implement validation
  1.5.1.Adding validation
  1.5.2.Data annotation
  1.5.3.Client side validation
  1.5.4.Anti-forgery Tokens
  1.6. Building RESTful API
  1.6.1. What is Web API?
  1.6.2. RESTful convetion
  1.6.3. Building a API and testing
  1.6.4. Data Transfer Object
  1.6.5. Use camel annotation
  1.6.6. Use IHttpActionResult
  1.7.Client-side Development
  1.7.1.Calling an API using jQuery
  1.7.2.Bootbox plug-in
  1.7.3.DataTable plug-in using AJAX source
  1.7.4.Returning Hierarchical Data
  1.8.Authentication and Authorization
  1.8.1.The problem
  1.8.2.Authentication options
  1.8.3.Restricting Access
  1.8.4.Seeding Users and Roles
  1.8.5.Working with Roles
  1.8.6.Adding Profile Data
  1.8.7.OAuth
  1.8.8.Social Logins
  1.9.Performance Optimization
  1.9.1.Overview
  1.9.2.Data Tier
  1.9.3.Glimpse
  1.9.4.Output Cache
  1.9.5.Data Cache
  1.9.6.Async
  1.9.7.Disabling Session
  1.9.8.Client Tier
  1.10.Building a Feature End-to-End Systematically
  1.10.1.Domain Modelling
  1.10.2.Adding Auto-completion
  1.10.3.Updating the DOM
  1.10.4.Implementing Client-side Validation
  1.11.Deployment
  1.11.1.Deploying the application
  1.11.2.Deploying the database
  1.11.3.Build configurations
  1.11.4.Application settings
  1.11.5.Custom Error Pages
  1.11.6.Logging Unhandled Exceptions
  1.12.Approved collection server
  1.12.1.Overview
  1.12.2.測試上傳審批資料
  1.12.3.取得Token的方式
  1.12.4.測試取得審批資料, Log資料
  1.12.5.將API接口綁定到雲之家審批
- 1.2.Skilltree MVC 實戰營筆記
  1.2.1..NET MVC overview and razor view
  1.2.2.Controller, Model, Entity framework, service
  1.2.3.HTML helper, Extension method, Validation
  1.2.4.Security, ActionFilter, ActionResult
  1.2.5.DataType, Templates
Chapter2.SignalR
Chapter3.REST API Design, Development & Management
Chapter4.REST API/Web Services testing with SoapUI

Powered by GitBook

On this page

Was this helpful?

3.4.1.REST API Security - Introduction

Previous3.4.REST API Security Next3.4.2.Securing API with Basic Authentication

Last updated 4 years ago

Application security
- An attack can occur on almost any of these points
- The attacker can attack the application and manipulate the data or steal the identity
- The attacker can look at the abilities understand the abilities of the gateway and that will connect to the backend system
- The attacker can bleach the firewall and go directly to the server
- Bottom line is: think about security at every touch point in the API, not just API implementation
Mobile application concern
Data security
- Always use TLS/ HTTPS for REST API
API security
- Authentication
- Authorization
- Functional attacks